Windows SBS 2003  Built To Serve and Protect

We take a look at the server software's new Service Pack 1 upgrade, which focuses on integration and security, including more protection against nasty buffer overrun attacks.

Windows Small Business Server 2003 (SBS 2003) is a server bundle that integrates mail, Web server, and collaboration and remote-access tools so well that it achieves any integrated system's clichéd aimit's greater than the sum of its parts. It's a compelling solution for Windows shops that can make use of these services, but that aren't large enough for full-time IT, and that's a pretty good slice of the Venn diagram.

Microsoft released Service Pack 1 for Windows Server 2003, the server operating system that underlies SBS 2003, back in April, an update that focused on security improvements. And in mid-May, the company followed up with Service Pack 1 (SP1) for SBS 2003, which includes the core updates of the Windows Server 2003 Service Pack 1, plus service packs for all of SBS 2003's integrated components.

Integration is a big part of the value of SBS 2003, and Microsoft says that making sure that all of the parts of SBS 2003 continued to work well together after the updates were complete was an important goal. In addition to Windows Server 2003 Service Pack 1, SBS 2003 SP1 includes service packs for Exchange Server and for SharePoint, XP Service Pack 2 and Outlook 2003 Service Pack 1 for client computers. The service pack for the Premium Edition also includes SQL Server 2000 Service Pack 4 and ISA Server 2004, which is the only new component release  this release of the advanced firewall and VPN package replaces ISA Server 2000.

Applying the Patch
If your company is currently running SBS 2003, then applying the service pack is definitely in order. Download SBS 2003 SP1 for free, or you can order a CD pack for five dollars (you'll also need to provide your product keys to get the Premium Edition Service Pack, which is not available for download). Applying the five-component service packs that make up SBS 2003 SP1 will require time, patience, a good backup and about as much knowledge of the system as it took to install SBS 2003 in the first place. If a consultant or reseller performed your initial setup, you will probably want his or her help with the service pack installation as well.

According to Microsoft, SBS 2003 is often the first server a small business ever sees  80 percent of new installations of SBS 2003 go into businesses previously without servers (here, Microsoft counts as servers only dedicated machines running a server operating system). New installations of SBS 2003 will already include the changes of SP1. If you've already decided against SBS 2003, the incremental improvements of SP1 won't change your mind. But new SBS 2003 converts might sleep a little better knowing their company's primary server includes SP1's security enhancements.

Clean Install
We tested a clean install of SBS 2003 with SP1, typical of what you might see if you purchased a new computer with SBS 2003 pre-installed. In this scenario, SBS 2003 is installed but you must still complete the configuration to match your network and your users. SP1 doesn't change anything about the process of setting up SBS 2003.

SBS 2003 includes a variety of wizards that make administrative tasks like firewall configuration and user setup easier for people lacking extensive Windows server experience, by gathering tasks together into related groups. The server management checklist guides you through the entire process and keeps you on track. One of our favorite parts of the install is the automated client setup, which made short work of updating client software (including applying XP Service Pack 2 to XP clients) and moving client systems into the network managed by SBS 2003. Nevertheless, SBS 2003 has both a wide range of capabilities and is extremely flexible, so setting it up takes a little bit of technical savvy.

In our limited testing, we didn't run into any compatibility issues or application conflicts. Still, breaking existing applications is the great fear when perfoming service pack installs, so it would pay to contact your software vendors to find out if there are any known conflicts with SBS 2003 SP1. Microsoft has a Windows Server 2003 SP1 application compatibility list for tested applications which you should also review.

More Security
Whether you apply SP1 to an existing server or start from scratch, you'll get a number of fixes and updates and a variety of security enhancements. Many of these enhancements are courtesy of Windows Server 2003 SP1. These include the new Windows Firewall (although SBS 2003 SP1 ships this disabled by default, continuing to use the RRAS firewall), reduced default privileges for core services, and support for hardware technologies to help stop so-called buffer overrun attacks, a common security problem.

Windows Server 2003 SP1 also includes more secure versions of Internet Explorer and Outlook Express, designed to thwart attacks from malicious e-mails or Web sites. For one thing, Outlook Express users can now read HTML mail as plain text, preventing HTML links from being followed.

One often-mentioned security enhancement in Windows Server 2003 SP1 that you won't find in SBS 2003 SP 1 is the Security Configuration Wizard. But that's not because SBS 2003 is less secure. In SBS 2003 SP1, these advanced security settings are managed through a Configure E-mail and Internet Connection Wizard, the wizard that tackles SBS 2003 SP1's most challenging setup issues.

Better security is again the main attraction of the Exchange Server and SharePoint service packs. Both include updates to address vulnerabilities. New installs of SBS 2003 SP 1 further configure Exchange to reject e-mail sent to non-existent users (rather than routing to another mailbox) and include other changes to Exchange to make it more difficult for spammers to verify legitimate addresses on the site.

On the client side, installing SBS 2003 SP 1 will bring XP machines up to the level of the more-secure XP Service Pack 2 (putting Windows Firewall on the client), if you have not already installed the service pack on the client.

The Long Run
As with any complex technology, installation and the occasional update are the trickiest part of working with SBS 2003. The SBS 2003 service pack is a significant security enhancement and well worth whatever stress is involved in installing it  if you're already running SBS 2003. From our own testing with a clean install, SBS 2003 ran without problems once we completed the configuration.

In the long run, it is the core features of SBS 2003, including centralized e-mail services, a company Web server and remote access to user desktops, all managed through integrated tools and using a common set of users, that will prove the real benefit to your company.

Steve Apiki is a freelance writer and software developer who works for a small business in Peterborough, NH. He's been a contributing editor to BYTE and to FamilyPC.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.